CloudFail: Detect CloudFlare Secured Hosts!

Posted: 2 years ago by @pentestit4066 viewsUpdated: September 1, 2017 at 11:54 am

Recently, we posted about HatCloud, a different tool which identifies CloudFlare protected IP addresses. This post is about CloudFail, a tool which detects CloudFlare protected hosts and then some more.

What is CloudFail?

CloudFail is an open source tool coded in Python, which utilizes mis-configured DNS and old database records to find hidden hosts behind the CloudFlare network. It also has an option for protecting your probes by utilizing the TOR network for scanning. When you first enter a target, it uses information from DNSDumpster to see if the host, DNS or MX records are protected by CloudFlare. The target is then scanned via a database saved from Crimeflare, which used to track malicious websites protected by the CloudFlare network. Finally, the target is then scanned using a list of pre-defined sub-domains, which then returns somewhat sensitive information about the target. On a well-configured target, this is what the CloudFail returns:

Featured Post

Kali Linux 2019.1 is the latest Kali Linux release. This is the first 2019 release, which comes after Kali Linux 2018.4, that was made available in the month of October. This new release includes all patches, fixes, updates, and improvements since the last release – Kali Linux 2018.3, including a shiny new Linux kernel versionRead more about UPDATE: Kali Linux 2019.1 Release!